SSRF in Jeecgboot
CVE-2026-7603
A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes se…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.000 (5.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- N/a Jeecgboot — versions 3.9.0, 3.9.1
Weakness classification (CWE)
References
- VDB-360560 | JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery (technical-description, vdb-entry)
- VDB-360560 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
- Submit #805707 | jeecgboot JeecgBoot <= v3.9.1 SSRF (third-party-advisory)
- cna@vuldb.com (issue-tracking, exploit)
- cna@vuldb.com (issue-tracking, patch)
- cna@vuldb.com (product)
Frequently asked questions
- What is CVE-2026-7603?
- CVE-2026-7603 is a medium-severity vulnerability in Jeecgboot, classified under Server-Side Request Forgery (SSRF). CVSS score: 6.3/10. Published 2026-05-02.
- How severe is CVE-2026-7603?
- Medium severity. CVSS v3 base score is 6.3 out of 10.